-
Do you speak geek: Respecting the letter of the law
Test your knowledge of security laws and regulations. Quiz
-
Quiz: Compliance
Test your knowledge of legislation and standards. Quiz
-
Rite Aid to pay $1 million in HIPAA settlement
In its settlement agreement with the HHS over alleged HIPAA violations, the pharmacy chain will pay $1 million and must establish procedures for disposing of protected health information (PHI). News | 28 Jul 2010
-
Cost of security, IT management add up at healthcare facilities, study finds
Digitalizing healthcare records and new health systems fail to cut costs, according to new research from Harvard University. Security and other management costs add up. Article | 24 Nov 2009
-
Healthcare security spending remains sluggish, report shows
Billions for electronic healthcare records aren't driving security budgets up, according to the Healthcare Information and Management Systems Society. Article | 09 Nov 2009
-
HITECH Act incentives translate to opportunities for VARs
Healthcare organizations are moving quickly to grab a piece of the $19.2 billion in incentives earmarked by the Health Information Technology for Economic and Clinical Health (HITECH) Act to convert to digital medical records. The channel must move q... Article | 28 Sep 2009
-
FTC extends breach notification to Web-based health repositories
Companies that collect and retain health data and aren't covered under HIPAA are now subject to similar breach notification rules, according to a new FTC ruling. Article | 18 Aug 2009
-
HIPAA changes force healthcare to improve data flow
Do you know where your data is? The latest HIPAA changes should motivate healthcare security teams to understand information flows. Column | 02 Mar 2009
-
CVS pays $2.25 million HIPAA violation settlement
CVS pharmacy employees allegedly committed a HIPAA violation when tossing pill bottle labels with patient information into the trash. Article | 18 Feb 2009
-
Hacked dental school server compromises 300,000
A hacker used a vulnerability scanning tool to compromise a server at the University of Florida's College of Dentistry, compromising the sensitive information of patients. Article | 17 Nov 2008
-
Consensus Controls project aims to set benchmarks for compliance
The Consensus Controls project aims to provide organizations with a peer review system for IT controls. Article | 03 Oct 2008
-
Security visualization helps make log files work
Using visualization tools, security pros can build charts and graphs to make sense of complex log files and data and improve their company's security stance. Article | 28 Aug 2008
-
Proposed HIPAA privacy rules changes may demand new tools, processes
Proposed HIPAA privacy rules changes may require companies to keep closer tabs on electronic health records. Charles Denyer explains what it may mean for enterprise compliance. Tip
-
Best practices for enterprise database compliance
Successful enterprise database compliance means, for starters, access must be tightly controlled and monitored. Charles Denyer covers key database compliance essentials. Tip
-
Using standardized enterprise security practices to secure and defend your network
PCI DSS, HIPAA, ISO and other enterprise compliance guidelines offer a foundation to build repeatable information security processes and procedures. Marcos Christodonte II explains how. Tip
-
HIPAA covered entity and business associate agreement requirements
Under HITECH, both "covered entities" and "business associates" must comply with HIPAA data protection mandates, but, as a covered entity, what's the best way both to maintain compliance for your organization, and make sure all your BAs are compliant... Tip
-
New security breach notification rules expand security requirements
The Department of Health and Human Services and the Federal Trade Commission last year issued security breach notification rules for disclosure of unsecured personal health information. In this tip, Andrew Baer explains how the new rules expand data ... Tip
-
Creating a HIPAA employee training program
Want to get your employees on board the HIPAA/HITECH compliance train? Learn how to create a HIPAA employee awareness training program to make sure employees understand what's at stake. Tip
-
HIPAA compliance: New regulations change the game
Recent changes to HIPAA regulations coupled with renewed HIPAA enforcement may stir a panic among enterprise security teams charged with safeguarding PHI. Not so, according to security management expert David Mortman. Learn how HIPAA has changed and ... Tip
-
Key elements of a HIPAA compliance checklist
Putting together a HIPAA compliance program can be fraught with difficulty and unseen challenges. Richard Mackey reviews four best practices that can help you avoid common pitfalls and pass an audit. Tip
-
HIPAA privacy regulations get some teeth: Be prepared
In July, a Seattle healthcare agency received a six-figure fine from the U.S. Department of Health and Human Services for compromising patient data. The penalty was the first of its kind, raising the stakes on HIPAA compliance. As HIPAA regulations sta... Tip
-
Defining adequate security controls
Because of the changing nature of technology, the language in the Sarbanes-Oxley Act is purposefully vague. This article explores the meaning of adequate security controls and what is required for SOX compliance. Tip
-
HIPAA encryption requirements: How to avoid a breach disclosure
Charles Denyer explains the necessity of encrypting customer data with respect to HIPAA encryption requirements and squares out what enterprises should expect. Answer
-
HIPAA password policy: Managing Windows stored usernames and passwords
Under HIPAA, is it allowable to store Windows usernames and passwords? In this expert response, Ernie Hayden discusses managing access for companies that must be HIPAA compliant. Ask the Expert
-
HIPAA and Social Security numbers in a hospital computer network
Learn when Social Security numbers can be used for patient identification without violating HIPAA patient confidentiality requirements. Ask the Expert
-
How to encrypt data-at-rest to meet the HITECH act regulations
What's the best way to encrypt data-at-rest to meet the HITECH act regulations? Learn how to interpret guidance from NIST 800-111 in this security management expert response from David Mortman. Ask the Expert
-
How to destroy data on a hard drive to comply with HIPAA regulations
Looking to destroy HIPAA data on a hard drive? Learn the best way to destroy a hard drive to comply with HIPAA regulations in this expert response from David Mortman. Ask the Expert
-
How to provide access to Web content (while ensuring network security)
A reader asks expert Michael Cobb how healthcare organizations should allow Web access without compromising network security. Ask the Expert
-
Where to find HIPAA resources for employee compliance training
Is your organization in the process of training employees for HIPAA compliance? Learn where to find HIPAA resources and HIPAA training tools to get the task done. Ask the Expert
-
How to find HIPAA transaction code sets and HITECH resources
Complying with HIPAA and the new HITECH regulations is no small matter, and that's where HIPAA transaction code sets and HITECH resources for compliance can help. Learn where to find these resources in this expert response. Ask the Expert
-
Are there guidelines to create a HIPAA-compliant data center?
Are there specific guidelines for creating a HIPAA compliant data center? In this expert response, security management expert David Mortman suggests resources to boost compliance. Ask the Expert
-
HHS HIPAA guidance on encryption requirements and data destruction
Complying with HIPAA is only becoming more challenging. Fortunately, the Department of Health and Human Services has recently released some preliminary guidelines on how to deal with HIPAA's encryption requirements and data destruction. Ask the Expert
-
HIPAA business associate
As defined by the Health Information Portability and Accountability Act (HIPAA), a business associate is any organization or person working in association with or providing services to a covered entity who handles or discloses Personal Health Informa... Word
About HIPAA
In this guide get information on the Health Insurance Portability and Accountability Act (HIPAA). Learn about HIPAA privacy laws, compliance, regulations, rules, violations, audits, training and records.